In hot pursuit of elusive threats: AI-driven behavior-based blocking stops attacks in their tracks

Andy Ful

All discussion here about WD is slightly confusing to me. I agree with zhuzhangspankspank that the visible excitement about WD protection is not justified (especially for Windows Home and Pro). It can be improved much by using PowerShell or my tool, but this is not what average users will do. I would like to focus on how WD really works in the home environment, and if the new features are available for Windows Home.
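The post above says Defender can be improved with PowerShell. As an added example (not code from the thread, and not Hard_Configurator or ConfigureDefender), here is what such a pass looks like using only the documented Defender cmdlets, Get-MpPreference, Set-MpPreference and Add-MpPreference. Assumptions: an elevated PowerShell on Windows 10 with Defender as the active antivirus; the specific values and the four ASR rule GUIDs are this example's choices. Microsoft documents ASR rules and Network Protection for Pro and Enterprise; whether Home honours them is exactly the open question the thread raises, which is why the script reads the preferences back after setting them instead of trusting that the call succeeded.

```powershell
# Added example, not from the thread or from Hard_Configurator: a plain PowerShell
# hardening pass over Microsoft Defender using only documented Defender cmdlets.
# Run from an elevated PowerShell. The values chosen are this example's assumptions.
#Requires -RunAsAdministrator

# Snapshot the current preferences so the change is visible and reversible
# (restore later with Import-Clixml and Set-MpPreference by hand if needed).
$before   = Get-MpPreference
$snapshot = Join-Path $env:TEMP ("MpPreference-" + (Get-Date -Format 'yyyyMMdd-HHmmss') + ".xml")
$before | Export-Clixml -Path $snapshot
Write-Host "Saved current Defender preferences to $snapshot"

# Cloud-delivered protection: report to MAPS, submit samples, block at a higher
# confidence level, and give the cloud up to 50 extra seconds on a suspicious file.
Set-MpPreference -MAPSReporting Advanced
Set-MpPreference -SubmitSamplesConsent SendAllSamples
Set-MpPreference -CloudBlockLevel High
Set-MpPreference -CloudExtendedTimeout 50

# Potentially unwanted applications and Network Protection.
Set-MpPreference -PUAProtection Enabled
Set-MpPreference -EnableNetworkProtection Enabled

# Attack Surface Reduction rules. Start in AuditMode, watch the
# Microsoft-Windows-Windows Defender/Operational log for event 1122 (audit hits),
# and move a rule to Enabled only once it is clear it does not break real usage.
$asrRules = @{
    'D4F940AB-401B-4EFC-AADC-AD5F3C50688A' = 'Block all Office applications from creating child processes'
    'BE9BA2D9-53EA-4CDD-84E5-9B1EEEE46550' = 'Block executable content from email client and webmail'
    'D3E037E1-3EB8-44C8-A917-57927947596D' = 'Block JavaScript or VBScript from launching downloaded executable content'
    '5BEB7EFE-FD9A-4556-801D-275E5FFC04CC' = 'Block execution of potentially obfuscated scripts'
}
foreach ($id in $asrRules.Keys) {
    # Add-MpPreference appends; Set-MpPreference would overwrite rules already configured.
    Add-MpPreference -AttackSurfaceReductionRules_Ids $id -AttackSurfaceReductionRules_Actions AuditMode
    Write-Host ("ASR {0} -> AuditMode ({1})" -f $id, $asrRules[$id])
}

# Re-read and show what actually took effect. On an edition that does not honour
# a setting the value can simply stay unchanged, so this check is the real result.
$after = Get-MpPreference
'MAPSReporting', 'SubmitSamplesConsent', 'CloudBlockLevel', 'CloudExtendedTimeout',
'PUAProtection', 'EnableNetworkProtection' | ForEach-Object {
    [pscustomobject]@{ Setting = $_; Before = $before.$_; After = $after.$_ }
} | Format-Table -AutoSize

# ASR state: ids and actions line up index for index.
# Actions are reported numerically: 0 = Disabled, 1 = Enabled (block), 2 = AuditMode.
for ($i = 0; $i -lt $after.AttackSurfaceReductionRules_Ids.Count; $i++) {
    "{0} = {1}" -f $after.AttackSurfaceReductionRules_Ids[$i], $after.AttackSurfaceReductionRules_Actions[$i]
}
```

The before/after table is the part worth keeping: if a value you set reads back unchanged, that edition or build did not accept it, and no amount of confidence in the cmdlet changes that. Audit first is deliberate; ASR rules such as the Office child-process rule are exactly the ones that surface as "Defender broke my add-in" when switched straight to block.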
 

ErzCrz

I've been an avid Comodo user because of its default-deny and sandboxing for many years but recently went back to Windows Defender. I've far too often fallen for claims by the likes of 3rd party AVs and had the likes of McAfee on my system for a year, but I believe in the OS's ability to protect itself. A lot of the built-in protection is beyond my knowledge, which is why I find @Andy Ful's H_C so valuable: it harnesses the OS built-in protection without most of the technical knowledge.

Comodo is still free (website being updated at the moment), but I spent so much time tweaking bits, remembering to deselect Yahoo and DNS and other included bits, while a lot of the default-type protection is built directly into Windows, especially with the use of H_C.

Anyway, Microsoft wouldn't benefit from having an insecure system. It's in its best interest to have the best protection possible. I would love to see full ATP protection added to Windows Home and/or a default locked-down system instead of default allow.

Just my thoughts anyway. Not sure if much of it makes sense, been a long day, but you'll get the gist of what I'm trying to say I think.

Erz
 

oldschool

Thread author
I would like to focus on how WD really works in the home environment, and if the new features are available for Windows Home.

I think this is the great mystery since M$ does not seem interested in posting about WD in Windows Home specifically in its blogs.

Edit: We are probably left only with the limited testing we do in the Hub, except these are not real-world conditions. If you look at a well known site like Bleeping Computer, their forum mods now always advise avoiding security paranoia and using WD.
 

93803123

All discussion here about WD is slightly confusing to me. I agree with zhuzhangspankspank that the visible excitement about WD protection is not justified (especially for Windows Home and Pro). It can be improved much by using PowerShell or my tool, but this is not what average users will do. I would like to focus on how WD really works in the home environment, and if the new features are available for Windows Home.

People should use your tool.

I am knowledgeable enough to know the amount of time and effort that you have had to put into H_C and the other utilities. It is no easy thing to test Windows security properly. So everyone does owe @Andy Ful a debt of gratitude. I say pass it on ! Pay it forward ! Educate others ! Either that or send the man a few million zloty.

Any person who graduates from a junior/middle high school should understand everything that is behind Hard_Configurator.

What is the world doing with taxpayer dollars? :unsure: Anyone who can answer that one with any clarity gets a virtual chocolate bar. It sure ain't spending it very effectively on life skills education and development. It's no wonder that engineers and fabricators still build bridges that fall down - and we're stuck with only 3 choices - Windows, MacOS and Linux.

Wha ? This is bull sheet. I'm going on degenerate OS hunger strike for all humanity.
 

93803123

But they should, because Microsoft is the market share leader in business endpoints and has the biggest market share in the consumer segment too.

That is only because Microsoft is a de facto monopoly. They've been sued countless times by the 3rd party software groups. Microsoft abuses its stranglehold on society. It's a grossly unfair advantage.

Sorry, but Windows security might be a grouping of interesting technologies, but their execution has always been crap. So they aren't any kind of threat to worry about.
 

93803123

Well, to be fair, Windows is MS property and, for better or worse, they can do as they please with it. In all fairness, the way I see it, since Windows is MS property, they really should be the ones shouldering the burden of keeping it safe. Others have profited by doing this for MS, due to their stupidity over the years. Thing is, for MS to properly lock things down, it will block what 3rd parties can do, or have access to. 3rd parties also do create problems, so it really isn't only MS as some claim. What about issues with HTTPS and browsers, slow web page loading, FPs on critical system files, causing issues with games and such? These aren't issues that MS created; these are issues that 3rd parties created due to the way they hook into things, etc...

Well of course they will say/think that. Let's cut the BS, these companies are making money on this, so let's be realistic here. If anything cuts into their margins, including MS and WD/ATP, of course they won't be happy. They may have some truth to the matter, but at the end of the day it's still a business for them.

Microsoft doesn't work well with others. It is the one that makes things such that parties have to do what they got to do to make stuff work. In any case, it isn't as if 3rd party AVs are trashing Windows. Typically, it is Microsoft that is trashing the AVs.

No. I don't trust Microsoft to protect a damn thing. Over the years it has proven that it cannot.

Microsoft will never lock down anything. It caters to "Users that want to use stuff." Apple at least got it mostly right - which is to strictly limit what users can do.

You're quoting all "users that want to use stuff" problems. Those kinds of problems don't fly. At least not with me they don't. Because Microsoft itself has problems with games, FPs, browser issues, and so on. Microsoft is no better than anyone else. There is a lot of undocumented, unspoken shady stuff.

No one is going to go out of business because of Windows 10 security anytime soon.

In fact, it will be Windows (or Android) that will make the first billion dollar malware possible. Just like Ormandy and a whole slew of other industry leaders have called it.
 

93803123

People are starting to get too worked up about Windows security in this thread. Windows security deserves every bit of criticism that it gets. In fact, it deserves more criticism. There are some things about it that are defensible, but overall, it does poorly.

It is easy enough to defend something when you have never tested it to determine its weaknesses. Downloading and executing malware on the desktop is one small sliver of testing. Most AVs will do reasonably, if not quite, well in this type of testing. It takes more sophisticated testing to reveal the chinks in the Windows armor.

There is a lot of arm-chair defense of Windows 10 security. It makes me chuckle. You want to cling to the notion that Windows security will fully protect you in a bad case, then have at it. It's your system, not mine. A problem you created for yourself by making a bad choice to embrace the Microsoft glossy tabloid.
 

Andy Ful

...
In fact, it will be Windows (or Android) that will make the first billion dollar malware possible. Just like Ormandy and a whole slew of other industry leaders have called it.
I think that Microsoft can be blamed for the quick development of most malware branches, just like humans can be blamed for the degradation of the natural environment on Earth. It is a fact that Microsoft did not care much about Windows security for many years.:(
 

Andy Ful

I think that Microsoft can be blamed for the quick development of most malware branches, just like humans can be blamed for the degradation of the natural environment on Earth. It is a fact that Microsoft did not care much about Windows security for many years.:(

But, I do not think that the situation could be much better if all people used Linux. The malc0ders are smart, adaptive and motivated by profits. The differences between both operating systems would not stop them from developing dangerous malware. The practice of computing forces usability and productivity over security. This can be seen in Enterprises - many of them are still vulnerable to the WannaCry attack, even though this vulnerability was patched a long time ago.
Furthermore, the development of AVs also does not improve the users' protection. I could argue that the average user has a greater chance of being infected nowadays than 20 years ago. All that can be done is keeping a kind of balance between AV protection and evolving malware attacks.

But, there is a well known tactic to be pretty much safe. Learn basic security precautions and apply better security than average.:giggle:
 

ForgottenSeer 72227

Microsoft doesn't work well with others. It is the one that makes things such that parties have to do what they got to do to make stuff work. In any case, it isn't as if 3rd party AVs are trashing Windows. Typically, it is Microsoft that is trashing the AVs.

No. I don't trust Microsoft to protect a damn thing. Over the years it has proven that it cannot.

Microsoft will never lock down anything. It caters to "Users that want to use stuff." Apple at least got it mostly right - which is to strictly limit what users can do.

You're quoting all "users that want to use stuff" problems. Those kinds of problems don't fly. At least not with me they don't. Because Microsoft itself has problems with games, FPs, browser issues, and so on. Microsoft is no better than anyone else. There is a lot of undocumented, unspoken shady stuff.

No one is going to go out of business because of Windows 10 security anytime soon.

In fact, it will be Windows (or Android) that will make the first billion dollar malware possible. Just like Ormandy and a whole slew of other industry leaders have called it.

That's totally fair and I respect your stance. MS is by no means innocent in any of this. As I've said, they have created a lot of problems of their own, but I just don't agree with the "MS is the cause of all problems and 3rd parties are 100% innocent and have never created problems themselves (paraphrasing here)." That really isn't accurate and, as much as some like to play the blame-MS game, the fact is 3rd parties do in fact cause issues. I do apologize in advance if this wasn't what you meant; it's just how I read it.

I get what you're saying about users wanting to use stuff, but security is all about balance. I can have excellent security, but if I can't use my computer, what's the point? A lot of problems IMO really have to do with education and practicing safe habits. Too many people IMHO put way too much faith in security programs as a whole, with the assumption it's going to solve all of their problems. Fact is someone can put a top-notch 3rd party program on someone's system, but if they disable the real-time protection to run something, or don't renew their product, they might as well have nothing at all.

But, I do not think that the situation could be much better if all people would use Linux. The malc0ders are smart, adaptive and motivated by profits. The differences between both operating systems would not stop them to develop dangerous malware.

But, there is a well known tactic to be pretty much safe. Learn basic security precautions and apply better security than average.:giggle:

Agreed.

Windows itself will always remain in such a state, some of it being due to MS, but a lot of it simply being that Windows still runs the OS show. Linux and Mac OS have done some things better than Windows when it comes to security, but they also enjoy a much smaller market share. This by itself is keeping hackers away, as they don't want to waste time with them, as it's more profitable to attack Windows. I am 100% confident that if Linux or Mac OS had the market share that Windows does, they would be ripped apart. OSes as a whole have gotten way bigger and more complex. The more features they add, the more doors open for attacks.

Like you said, practice safe computing habits and run an AV and your chances of getting infected will be significantly reduced.
 

ForgottenSeer 823865

Sorry, but Windows security might be a grouping of interesting technologies, but their execution has always been crap. So they aren't any kind of threat to worry about.
I agree with that. MS could have terminated all those 3rd party vendors decades ago. Even now they still can, and replace them efficiently if they cared to do things properly.
All the security features are loosely implemented (Protected Folders), poorly documented and painful to customize (Exploit Guard) and sometimes not even functional (Hyper-V and the Windows Sandbox that can't connect to the internet lol).

I don't know who is their project chief but this guy should be fired.
 

Handsome Recluse

Any person who graduates from a junior\middle high school should understand everything that is behind Hard_Configurator.

What is the world doing with tax payer dollars ? :unsure: Anyone who can answer that one with any clarity gets a virtual chocolate bar. It sure ain't spending it very effectively on life skills education and development. It's no wonder that engineers and fabricators still build bridges that fall down - and we're stuck with only 3 choice - Windows, MacOS and Linux.
What's the point? They'll casually forget it anyway.
 

93803123

I can have excellent security, but if I can't use my computer, what's the point?

That is the problem expectation right there. Everyone thinks that they should be able to do what they want to do on their device. That way of thinking is an anachronism - way out of touch with the current realities of digital security. Wrong. Because what you do on your device clearly affects others. That whole userland way of thinking needs to be stopped. If you infect my system and cause damages, guess what? I'm going to sue you. And I will win. If you are an employee, not only will I fire you, I will also sue you and win. You will pay for the damages. So it is in your best interests to have a device that prevents you from shooting yourself in the foot and then infecting others.
 

93803123

What's the point? They'll casually forget it anyway.

People need to be held accountable for what they do on digital systems. That has to figure in security. If not, nothing is going to change.

I think if you use a crack, and it results in my system getting infected, then at the very least you should get into serious trouble, if not be put into jail.

People who are prolific downloaders and chronic clickers are not victims. They are the cause of a lot of propagation. This issue is not just limited to the malcoders as the only party to blame. It's like the person who has diabetes, yet they continue to eat a pig diet that causes them all manner of diabetic issues. Such individuals place a huge burden on the medical system and after a while the medical system pushes back really hard on them. It should be the same in the digital space.
 

93803123

The malc0ders are smart, adaptive and motivated by profits. The differences between both operating systems would not stop them to develop dangerous malware.

Technology creates crime. It creates new ways to target and take criminal advantage of the weaknesses. So moving to Linux is only a stop-gap measure. In a nutshell, the attack surface reduction is only going to last as long as Linux remains a geek OS.

The practice of computing, forces usability and productivity over security.

That has to stop. Until the coddling of people changes, it will only continue to get worse. Ignorant users place everyone else at risk. The only way to nip that issue in the bud is to prevent them from doing all their dumb sheet through mechanisms on the device as it is shipped - independent of security software.

Here it is becoming more and more prevalent where people are suing those that are responsible for causing damage through careless actions. Employers are able to fire employees for infecting their systems. And they are allowed to sue the ex-employee to recover full costs of fixing the damage.

That is as it should be.

But, there is a well known tactic to be pretty much safe. Learn basic security precautions and apply better security than average.:giggle:

People cannot be expected to do this on their own. They need to be forced to do it or their choices on the device need to be removed. The easiest method is to do as Apple does - where users can only do what Apple allows them to do.
 

blackice

That is the problem expectation right there. Everyone thinks that they should be able to do what they want to do on their device. That way of thinking is an anachronism - way out of touch with the current realities of digital security. Wrong. Because what you do on your device clearly affects others. That whole userland way of thinking needs to be stopped. If you infect my system and cause damages, guess what? I'm going to sue you. And I will win. If you are an employee, not only will I fire you, I will also sue you and win. You will pay for the damages. So it is in your best interests to have a device that prevents you from shooting yourself in the foot and then infecting others.
I think that @Raiden was coming at it more from a home user perspective. I work for the US Govt.; our computers are locked down and we aren't able to do much of anything outside the scope of our work, as it should be. But when I go home, I don't need the hassle of default deny, since I am cautious about what I install and rarely download much of anything that's not from an official store or site. Not that I won't get infected, but I don't need enterprise-level restrictions on a personal device. On the enterprise side I totally agree: the device and network belong to the company, and as such it is their prerogative to protect it.
 
